Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.
The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute
Metrics
Affected Vendors & Products
References
History
Thu, 27 Mar 2025 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mintplexlabs
Mintplexlabs anythingllm |
|
Weaknesses | CWE-764 | |
CPEs | cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mintplexlabs
Mintplexlabs anythingllm |
|
Metrics |
cvssV3_1
|
Thu, 27 Mar 2025 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 27 Mar 2025 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute | Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute |
Weaknesses | CWE-203 |

Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-02-25T16:25:11.963Z
Updated: 2025-03-27T10:44:21.296Z
Reserved: 2024-01-11T18:58:30.511Z
Link: CVE-2024-0436

Updated: 2024-08-01T18:04:49.780Z

Status : Modified
Published: 2024-02-26T16:27:50.283
Modified: 2025-03-27T11:15:35.710
Link: CVE-2024-0436

No data.